Beware of Weaponized PDFs that Deliver NetSupport RAT

The notorious cybercriminal group Rogue Raticate, also known as RATicate, has resurfaced with a new campaign targeting enterprises.

This group, active for several years, is infamous for infiltrating corporate networks with malicious emails and remote access trojans (RATs).


This week, cybersecurity experts observed another wave of attacks from Rogue Raticate, leveraging weaponized PDF files to deliver the NetSupport Remote Access Tool (RAT).

Malicious PDFs and Social Engineering Tactics

According to Broadcom reports, the latest campaign involves emails with seemingly innocuous PDF attachments, such as “unpaid-7985652547.pdf” and “Paper-2445311685.pdf.”

These PDFs contain malicious URLs designed to trick recipients into clicking.

Rogue Raticate employs two primary social engineering templates to lure victims: OneDrive and Adobe.

If a user is deceived into clicking the embedded URL, they are redirected through a Traffic Distribution System (TDS), which ultimately deploys the NetSupport RAT on their machine.
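
For inbox or mail-gateway triage of the lure described above, the following added example (not code from Broadcom, Symantec or the original article) extracts link targets from a PDF, including links inside Flate-compressed streams, and flags attachments whose name follows the pattern of the two quoted filenames. The filename regex, the function names and the sample PDF with its `example.invalid` URLs are assumptions constructed for illustration.

```python
import re
import zlib

# Assumption: generalises the two attachment names quoted in the article
# (a word, a hyphen, ten digits, ".pdf"); other lures may be named differently.
LURE_NAME = re.compile(r"^[A-Za-z]+-\d{10}\.pdf$")
# Link actions stored as literal strings: /URI (https://...)
URI_ENTRY = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def extract_uris(pdf_bytes):
    """Collect /URI targets from the raw file and from Flate-compressed streams."""
    bodies = [pdf_bytes]
    for m in STREAM.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a trailing byte lost to the stream regex
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate data (image, other filter, encrypted)
    uris = []
    for body in bodies:
        for m in URI_ENTRY.finditer(body):
            uri = m.group(1).decode("latin-1")
            if uri not in uris:
                uris.append(uri)
    return uris

def triage(filename, pdf_bytes):
    """Flag attachments that pair the lure naming pattern with an external link."""
    uris = extract_uris(pdf_bytes)
    external = [u for u in uris if u.lower().startswith(("http://", "https://"))]
    lure = bool(LURE_NAME.match(filename))
    return {"lure_name": lure, "uris": uris, "hold_for_review": lure and bool(external)}

# Constructed sample: one link in a plain annotation, one inside a compressed stream.
_HIDDEN = zlib.compress(b"<< /S /URI /URI (https://cdn.example.invalid/view) >>")
SAMPLE_PDF = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://files.example.invalid/open) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _HIDDEN + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage("unpaid-7985652547.pdf", SAMPLE_PDF))
```

The extracted URIs can be fed to URL reputation or sandbox checks; links stored as hex strings or inside encrypted PDFs are not covered by this scan.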

This sophisticated chain of events underscores the group’s evolving tactics and the persistent threat they pose to enterprises.

Symantec has implemented several protective measures to safeguard its customers in response to this threat.

Additionally, file-based detections such as Scr.DLHeur!gen7 and Scr.DLHeur!gen10 are in place to identify and mitigate these malicious PDFs.

Symantec’s comprehensive approach ensures that enterprises are well-protected against the evolving tactics of cybercriminal groups like Rogue Raticate.

However, it remains crucial for users to stay vigilant and exercise caution when handling unsolicited emails and attachments.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.